- Hands-On Red Team Tactics
- Himanshu Sharma Harpreet Singh
- 92字
- 2021-08-13 15:36:45
Reconnaissance
This is the most crucial phase of a CKC. The adversary will try to gather as much information as possible on the target. For example, an adversary can look for an organization's website for vulnerabilities or an employee's profile/email/credentials for a spear phishing or watering-hole attack. It can also dumpster dive to look for certain credentials and access keys in the target organization's network, Open Source Intelligence (OSINT), and so on.
You can find a really well-maintained list of tools and public online portals for gathering intel at this link: https://github.com/jivoi/awesome-osint